Rob, you're close, but have a few things mixed up.

Your control port (21) will always stay static on that port.  It will
never change unless someone configures the FTP server to listen on a
different port.

Port 20 (the data port) is for active connections.  It too is statically
bound to that port.  It will never change.  However, this is somewhat
insecure, since haxors can use sniffing devices to listen to data
passing on that port.

Hence the introduction of passive connections.  When a data transfer is
about to commence, the FTP server sends a port number to the client,
telling it what port the client should communicate on (it's usually a
really high port > 1024).  Each time an FTP server must communicate via
passive mode, a different port is randomly chosen so as to lower the
possibility of sniffed data.

The FTP client controls whether an active/passive connection is used.
However, certain FTP clients don't give you the option to use either or
(i.e., Win95 DOS ftp).

-Rob

> Hey Julian,
> 
> Yes, there's something about that. Passive ftp vs active. Active ftp will
> jump around with its use of ports (I don't know if it's the data, control, or
> both that actually jump).
> I'm not sure if you can tell the server whether or not to use passive, but I
> know you can tell the client. Sometimes people forget that IE can be used as
> an ftp client, so don't forget to set the passive ftp check box in the IE
> tools/options area.
> 
> Hopefully you won't need a whole book on ftp. It's a lot less complex than
> something like email or DNS!!
> 
> Nice to see you around again Julian!
> 
> Rob
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Julian Opificius
> Sent: Wednesday, January 16, 2002 7:48 PM
> To: [EMAIL PROTECTED]
> Subject: RE: NAT and FTP
> 
> 
> Cheers Robert. Is it always port 20? Somehow I thought that a different
> port was opened up for every simultaneous connection.
> 
> I sense the imminent need to purchase another O'Reilly book ... ;-)
> 
> julian.
> 
> 
> At 09:35 PM 1/16/02, you wrote:
> >One port's for control and one's for data:
> >
> >make sure you check this out: "cat /etc/services | grep ftp"
> >
> >Rob
> >
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of Julian Opificius
> >Sent: Wednesday, January 16, 2002 7:12 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: NAT and FTP
> >
> >
> >Why's that?
> >
> >j.
> >===================
> >At 08:58 PM 1/16/02, you wrote:
> > >You might want to open up port 20, as well.
> > >
> > >On Wed, 16 Jan 2002, Julian Opificius wrote:
> > >
> > > > Hi folks,
> > > >
> > > > I'm using NAT on my Cisco 678 DSL modem, to connect my real IP into my
> > > > private LAN.
> > > > I want to run an FTP server on my Linux box, accessible from the outside
> > > > world. I know I have to open up port 21, 'cos it's the FTP control port,
> > > > but do I have to open up any other ports in order to allow data transfers?
> > > >
> > > > julian.
> > > >
> > > > ----------------------------------------------------------------
> > > > Just because I'm paranoid doesn't mean they aren't after me ...
> > > >
> > > > Julian Opificius. ICQ 3268206.
> > > > ----------------------------------------------------------------
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Redhat-list mailing list
> > > > [EMAIL PROTECTED]
> > > > https://listman.redhat.com/mailman/listinfo/redhat-list
> > > >
> > >
> > >
> > >
> >
> >----------------------------------------------------------------
> >Just because I'm paranoid doesn't mean they aren't after me ...
> >
> >Julian Opificius. ICQ 3268206.
> >----------------------------------------------------------------
> >
> >
> >
> 
> ----------------------------------------------------------------
>  From my wife: "I'm not playing mind games with you, I'm just making you
> think I'm playing mind games with you ..."
> 
> Julian Opificius. ICQ 3268206.
> ----------------------------------------------------------------
> 
> 
> 
> 
-- 

-Rob
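
The passive-mode port hand-off discussed in this thread, as an added example that is not part of the original messages: it decodes the `h1,h2,h3,h4,p1,p2` field of a `227` reply (or a `PORT` command) and checks it from the point of view of an outside client reaching a server behind NAT. The addresses, the forwarded port range and the function names are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# RFC 1918 ranges: addresses an outside client cannot route to.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is sent as two bytes, high byte first.
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, control_peer, forwarded_range):
    """List the problems an outside client would hit with this 227 reply.

    control_peer: address the client used for the control connection (port 21).
    forwarded_range: (low, high) data ports the NAT device forwards; assumed
    to match the passive port range configured on the FTP server.
    """
    if not reply.startswith("227"):
        raise ValueError("not a 227 Entering Passive Mode reply")
    ip, port = parse_hostport(reply)
    problems = []
    if ip != ipaddress.IPv4Address(control_peer):
        kind = "private" if any(ip in net for net in _RFC1918) else "different"
        problems.append("server advertises %s address %s, client connected to %s"
                        % (kind, ip, control_peer))
    low, high = forwarded_range
    if not low <= port <= high:
        problems.append("data port %d is outside forwarded range %d-%d"
                        % (port, low, high))
    return problems
```
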


